Privacy Policy for CalorieTaker

Last Updated: March 1, 2026

1. Introduction

Welcome to CalorieTaker ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

2. Information We Collect

2.1 Personal Information


- Account Information: Email address, name (when provided)
- Authentication Data: Google OAuth tokens (managed by Google)
- Subscription Data: Payment information, billing history (processed by RevenueCat/Google Play)
- Usage Data: App usage patterns, features accessed

2.2 Food and Health Data


- Meal Records: Food items, calorie counts, nutritional information
- Food Photos: Images uploaded for AI analysis. These images are stored in our Supabase Storage bucket ("meal-images") and the file URLs are retained in the database. Images are processed by AI providers and saved to provide a consistent user experience (viewing historical meals), and are included in data exports. Stored images are removed when an account is deleted or as otherwise specified in our retention policy.
- Workout Selfies: Optional gym progress photos you take in the app. These selfies are stored in a separate Supabase Storage bucket ("workout-selfies") and are used solely for displaying your progress gallery, computing streaks, and enhancing your workout experience. Selfies are also removed when you delete your account or by request.
- Weight Tracking: Weight entries and trends (optional)
- Achievements: Progress tracking and milestone data

2.2.1 Community Features (Optional)


- Profile Information: Display name, bio, avatar photo (stored in "community" bucket)
- Public Posts: Meal posts, progress updates, tips, and questions you choose to share publicly
- Community Images: Photos you upload to community posts (stored in "community" bucket at users/{user_id}/posts/)
- Social Interactions: Likes, comments, bookmarks, follows, and blocks
- Content Moderation: Reports submitted for inappropriate content
- Visibility Controls: You can set your profile to public or private and control who sees your posts
- Data Deletion: Community posts and images are deleted when you delete your account or individual posts

2.3 AI Analysis Data


- Image Processing: Food photos sent to AI services for analysis
- Analysis Results: Nutritional data returned from AI providers
- Usage Metrics: AI service usage for billing purposes

2.3 Device Information


- Device Details: Device type, operating system, app version
- Camera Access: Food photos (stored temporarily for analysis)
- Microphone Access: Voice input for hands-free meal logging (audio not stored, converted to text locally)
- Storage Access: Local data storage for offline functionality

2.4 Automatically Collected Information


- Log Data: App crashes, performance metrics
- Analytics & Event Data: Aggregated and event-level usage statistics. We collect app lifecycle events (for example: app_open, screen_view, user_engagement), feature usage and custom events (for example: `food_scanned`, `agent_generate`, `ad_shown`, `ad_rewarded`, `subscription_bought`), and performance metrics. These events may include non‑personal identifiers such as an app instance ID, device model, operating system version, app version, approximate geographic region and advertising identifiers (for example, Advertising ID/AAID).

> Note (debug/dev builds): When the app is running in developer/debug mode we may emit additional diagnostic events (debug checks and verbose logs) to help with development and troubleshooting. These debug logs are limited to development builds and are not enabled in production releases.

2.5 Integrations & Health Platform Data


- Health Connect (Android): You may optionally connect CalorieTaker to Health Connect to import activity and health metrics (steps, exercise sessions, distance, total calories burned) when you explicitly enable the integration. This data is used to calculate accurate daily energy expenditure, improve calorie burn estimates, and provide personalized nutrition recommendations.
- Google Fit: You may optionally connect CalorieTaker to Google Fit to import activity and health metrics (for example, steps, active minutes, heart rate, weight, and sleep) when you explicitly enable the integration. Data imported from Google Fit is used to improve activity-aware calorie estimates and personalized suggestions and is stored with your account data.
- Health Data Usage: Health and activity data is only accessed when you explicitly grant permission. We use this data solely for calculating your energy balance and providing personalized insights. Health data is stored securely with your account and is never shared with third parties for advertising or marketing purposes.
- Disconnecting & Revoking: You can disconnect Health Connect or Google Fit via the app (Settings → Integrations) or by revoking access in your device settings or Google Account. We only request the minimum permissions needed and we do not store health platform credentials.

2.6 Dietary Preferences & Sensitive Attributes


- Dietary Preferences: You may provide dietary preferences (e.g., vegetarian, vegan, halal, kosher), allergies, and intolerances to tailor meal suggestions and avoid undesired foods.
- Sensitive Attributes: Attributes such as religion, health conditions, or other sensitive categories are treated as sensitive personal data. We process sensitive attributes only with your explicit consent and only for the purposes you authorize (for example, tailoring meal suggestions or filtering out non-compliant foods).
- Control & Deletion: You may edit or delete dietary and preference data at any time from Profile → Dietary Preferences; deleted data will be removed according to our retention policy.

2.7 AI Features & Auto‑Suggestions


- What we send: When you enable AI features (for example, the Personal Agent or auto‑suggestions), we may send text, aggregated or de‑identified data, and, with your consent, images or meal records to third‑party AI providers for analysis.
- Providers & Training: We may use AI providers such as Google (Gemini), OpenAI, and Anthropic. We do not use your personal data for provider model training unless you explicitly opt in in settings (if applicable).
- Opt‑out: You can opt out of AI‑based suggestions at any time via Settings → Personal Agent or equivalent preferences.

2.8 Health Risk Indicators & Medical Disclaimer


- Some features provide informational health‑risk indicators (for example, estimated risk related to calorie intake or elevated metrics). These indicators are informational only and are not a substitute for professional medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for medical advice.

3. How We Use Your Information

3.1 Core Functionality


- Provide calorie tracking and nutritional analysis
- Store and display your food history
- Enable voice-to-text meal logging (microphone access, audio not stored)
- Integrate with Health Connect for activity-based calorie calculations
- Facilitate community features for sharing meals and connecting with others (optional)
- Generate personalized insights and trends
- Enable offline functionality

3.2 Authentication & Security


- Verify user identity through Google Sign-In
- Secure your account and data
- Prevent unauthorized access

3.3 App Improvement


- Analyze app performance and user experience
- Debug technical issues
- Develop new features

3.4 Legal Compliance


- Comply with applicable laws and regulations
- Respond to legal requests when required

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers


- Supabase: Database and authentication services
- Google Services: OAuth authentication and AI analysis
- RevenueCat: Subscription management and billing
- AI Providers: Food image analysis (Gemini, OpenAI, Perplexity)
- Cloud Storage: Secure data backup (if enabled)

4.2 Legal Requirements


- When required by law or legal process
- To protect our rights and safety
- To prevent fraud or security issues

4.3 Business Transfers


- In case of merger, acquisition, or sale of assets

5. Data Storage and Security

5.1 Data Storage


- Local Storage: App data stored on your device using encrypted storage
- Cloud Storage: User data backed up to secure servers (encrypted)
- Data Retention: Data retained as long as your account is active

5.2 Security Measures


- End-to-end encryption for data transmission
- Secure authentication protocols
- Regular security audits
- Access controls and monitoring

6. Your Rights and Choices

6.1 Data Access


- View and download your personal data
- Request data portability
- Access data through the app interface

6.2 Data Modification


- Update your profile information
- Edit or delete meal records
- Modify account settings

6.3 Data Deletion


- Delete your account and all associated data (this includes meals, analysis results, scan usage records, user profile data, and community posts)
- Stored images associated with your account in Supabase Storage (buckets: `meal-images` and `community`) will also be removed as part of account deletion
- Delete individual community posts, comments, or profile information at any time
- Request complete data removal
- Right to be forgotten (where applicable)

6.4 Opt-out Options


- Disable analytics tracking
- Opt-out of non-essential communications
- Control camera and storage permissions

7. Children's Privacy

CalorieTaker is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.

9. Third-Party Services

9.1 Google Services


- Google Sign-In: Authentication service
- Google AI (Gemini): Food image analysis
- Google Play Services: App functionality and billing

9.2 AI Service Providers


- OpenAI: Alternative AI food analysis (optional)
- Perplexity AI: Alternative AI food analysis (optional)
- Anthropic (Gemini): Primary AI food analysis service

Integrations & Consent: Some integrations (such as Google Fit and AI provider features) require your explicit consent. When you enable these features we will share the minimal data required to provide the functionality; you can disconnect or revoke access at any time via the app or by managing connected services in your account settings. Please review third‑party privacy policies before enabling integrations.

9.3 Subscription Management


- RevenueCat: Subscription billing and management
- Google Play Billing: Android payment processing
- App Store: iOS payment processing (future)

9.4 Supabase


- Database: Secure data storage and management
- Authentication: User account management
- Real-time Features: Live data synchronization

9.5 Analytics & Advertising Providers


- Firebase / Google Analytics for Firebase: We use Firebase Analytics to collect aggregated and custom events (see section 2.4). Firebase may collect app instance identifiers, device information, and other non‑personal identifiers to provide analytics, crash reporting and attribution. See https://policies.google.com/privacy and https://support.google.com/firebase/answer/6318039
- Meta / Facebook AppEvents: We use Facebook AppEvents to measure installs, purchases and conversion events and to support advertising campaigns. AppEvents may receive event names and non‑personal identifiers; purchases may be reported with an `event_id` for deduplication. See https://www.facebook.com/policy.php and https://developers.facebook.com/docs/app-events
- Google Mobile Ads (AdMob): We may use Google Mobile Ads to deliver and measure advertising. Ad SDKs may access device advertising identifiers (AAID/IDFA) and other device signals needed for ad serving and measurement. See https://policies.google.com/technologies/ads
- Other third‑party analytics & advertising services: We may integrate other analytics or ad measurement services in the future; their privacy policies will apply to any data they collect.

> Third‑Party Policies & Controls: We do not control third‑party services. Please review their privacy policies for details about how they process data and how to control advertising personalization at the provider level.

10. Cookies and Tracking

Our app may use local storage and device identifiers for functionality. We do not use cookies or third-party tracking pixels in the mobile app.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy in the app
- Sending you an email notification
- Displaying an in-app notification

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@calorietaker.com
Website: https://www.calorietaker.com/
App Support: In-app feedback form

13. Compliance

This Privacy Policy complies with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Other applicable privacy laws

14. Data Controller

Data Controller: CalorieTaker App
Data Protection Officer: Ankit Raibole

---

*This privacy policy is designed to comply with major privacy regulations including GDPR, CCPA, and Google Play requirements. Please customize the contact information and review with legal counsel before publishing.*